Skip to content

Commit 2ef77c0

Browse files
lukastaegertlukastaegert
committed
Fix DOM Clobbering CVE
1 parent a6448b9 commit 2ef77c0

39 files changed

Lines changed: 87 additions & 86 deletions

File tree

src/ast/nodes/MetaProperty.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
156156
getResolveUrl(
157157
`'${escapeId(relativePath)}', ${
158158
umd ? `typeof document === 'undefined' ? location.href : ` : ''
159-
}document.currentScript && document.currentScript.src || document.baseURI`
159+
}document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`
160160
);
161161

162162
const getGenericImportMetaMechanism =
@@ -178,7 +178,7 @@ const getFileUrlFromRelativePath = (path: string) =>
178178
const getUrlFromDocument = (chunkId: string, umd = false) =>
179179
`${
180180
umd ? `typeof document === 'undefined' ? location.href : ` : ''
181-
}(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
181+
}(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.tagName.toUpperCase() === 'SCRIPT' && ${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
182182
chunkId
183183
)}', document.baseURI).href)`;
184184

test/chunking-form/samples/asset-needs-code-reference/_expected/cjs/main.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
'use strict';
22

3-
var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/logo2.svg').href : new URL('logo2.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
3+
var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/logo2.svg').href : new URL('logo2.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
44

55
{
66
const image = document.createElement('img');

test/chunking-form/samples/emit-file/emit-chunk-with-importer/_expected/cjs/main.js

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/chunks/nested.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
'use strict';
22

33
const getWorkerMessage = () => new Promise(resolve => {
4-
const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker-proxy.js').href : new URL('worker-proxy.js', document.currentScript && document.currentScript.src || document.baseURI).href));
4+
const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker-proxy.js').href : new URL('worker-proxy.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
55
worker.onmessage = resolve;
66
});
77

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/chunks/worker-proxy.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
11
'use strict';
22

3-
PLACEHOLDER((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker.js').href : new URL('worker.js', document.currentScript && document.currentScript.src || document.baseURI).href));
3+
PLACEHOLDER((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker.js').href : new URL('worker.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/main.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
var shared = require('./chunks/shared.js');
44

55
const getWorkerMessage = () => new Promise(resolve => {
6-
const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worker-proxy.js').href : new URL('chunks/worker-proxy.js', document.currentScript && document.currentScript.src || document.baseURI).href));
6+
const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worker-proxy.js').href : new URL('chunks/worker-proxy.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
77
worker.onmessage = resolve;
88
});
99

test/chunking-form/samples/emit-file/emit-chunk-worklet/_expected/cjs/main.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22

33
var shared = require('./chunks/shared.js');
44

5-
CSS.paintWorklet.addModule((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worklet.js').href : new URL('chunks/worklet.js', document.currentScript && document.currentScript.src || document.baseURI).href));
5+
CSS.paintWorklet.addModule((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worklet.js').href : new URL('chunks/worklet.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
66

77
document.body.innerHTML += `<h1 style="background-image: paint(vertical-lines);">color: ${shared.color}, size: ${shared.size}</h1>`;

test/chunking-form/samples/emit-file/reference-files/_expected/cjs/main.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
'use strict';
22

3-
var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo1-60bc15c4.svg').href : new URL('assets/logo1-60bc15c4.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
3+
var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo1-60bc15c4.svg').href : new URL('assets/logo1-60bc15c4.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
44

55
function showImage(url) {
66
console.log(url);

test/chunking-form/samples/emit-file/reference-files/_expected/cjs/nested/chunk.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22

33
var main = require('../main.js');
44

5-
var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/../assets/logo2-fdaa7478.svg').href : new URL('../assets/logo2-fdaa7478.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
5+
var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/../assets/logo2-fdaa7478.svg').href : new URL('../assets/logo2-fdaa7478.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
66

77
main.showImage(logo);

test/chunking-form/samples/emit-file/set-asset-source/_expected/cjs/main.js

Lines changed: 8 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)